Add reason codes with the correct offset for two alerts#24338
Closed
jchampio wants to merge 1 commit intoopenssl:openssl-3.0from
Closed
Add reason codes with the correct offset for two alerts#24338jchampio wants to merge 1 commit intoopenssl:openssl-3.0from
jchampio wants to merge 1 commit intoopenssl:openssl-3.0from
Conversation
Contributor
|
can you rebase this on the master branch please? We will apply tags to the PR to backport it appropriately |
Member
Yes, it looks like so.
Just add the codes back with the proper SSL_R_ name
Hmm... that would be non-trivial. Perhaps we can allow this without a test case.
Yes, just keep it unused. |
Member
We would need a separate PR for 3.0/3.1 (which can be this PR) because of the changes on master/3.3/3.2 - please create a new PR that will be applied to these 3 branches. |
Fixes openssl#24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial
624cd97 to
7cb496d
Compare
NO_APPLICATION_PROTOCOL alert
2 tasks
Contributor
Author
I took the liberty to add that one, too; if that's unhelpful I can split it back out or revert it.
For the record, it's still referenced on the server side. Same with
|
Contributor
Author
|
(Oh, and I got |
t8m
approved these changes
May 9, 2024
Member
t8m
left a comment
There was a problem hiding this comment.
As most of the changes are result of mkerr.pl. I am OK with CLA: trivial.
nhorman
approved these changes
May 9, 2024
Contributor
|
@nhorman You are a committer, so can remove the committer |
Collaborator
|
This pull request is ready to merge |
Member
|
Waiting on #24351 to be merged to the master branch. |
Member
|
Merged to the 3.0 and 3.1 branches. Thank you for your contribution. |
openssl-machine
pushed a commit
that referenced
this pull request
May 14, 2024
Fixes #24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #24338) (cherry picked from commit 9e33c9c)
richardlau
added a commit
to richardlau/node-1
that referenced
this pull request
Jun 6, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338
richardlau
added a commit
to richardlau/node-1
that referenced
this pull request
Jun 7, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338
nodejs-github-bot
pushed a commit
to nodejs/node
that referenced
this pull request
Jun 10, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
targos
pushed a commit
to nodejs/node
that referenced
this pull request
Jun 20, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
soophoo
pushed a commit
to soophoo/node
that referenced
this pull request
Jun 20, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: nodejs#53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
bmeck
pushed a commit
to bmeck/node
that referenced
this pull request
Jun 22, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: nodejs#53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
bernd-edlinger
pushed a commit
to bernd-edlinger/openssl
that referenced
this pull request
Jun 29, 2024
Fixes openssl#24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24338)
bernd-edlinger
pushed a commit
to bernd-edlinger/openssl
that referenced
this pull request
Jun 30, 2024
Fixes openssl#24300. The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24338)
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Jul 19, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
marco-ippolito
pushed a commit
to nodejs/node
that referenced
this pull request
Jul 19, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
richardlau
added a commit
to nodejs/node
that referenced
this pull request
Sep 19, 2024
Starting from OpenSSL 3.0.14, 3.1.6, 3.2.2, and 3.3.1, OpenSSL was fixed to return an error reason string for bad/unknown application protocols. Update tests to handle both the old `ECONNRESET` error on older versions of OpenSSL and the new `ERR_SSL_TLSV1_ALERT_NO_APPLICATION_PROTOCOL` on newer versions of OpenSSL. Refs: openssl/openssl#24338 PR-URL: #53373 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
Maxlsc
added a commit
to Maxlsc/Tongsuo
that referenced
this pull request
Apr 23, 2026
The current values of SSL_R_NO_APPLICATION_PROTOCOL and SSL_R_PSK_IDENTITY_NOT_FOUND don't allow for a correct lookup of the corresponding reason strings. Merged from openssl/openssl#24338
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
note: this is currently based on branch
openssl-3.0; see belowAttempts to fix #24300. The current
SSL_R_NO_APPLICATION_PROTOCOLvalue doesn't allow for a correct lookup of the reason string, so add a constant that is equal toSSL_AD_REASON_OFFSET + TLS1_AD_NO_APPLICATION_PROTOCOL. Do the same forSSL_R_PSK_IDENTITY_NOT_FOUND.Here are my "open items" (edit: all answered here):
UNKNOWN_PSK_IDENTITYis going to have the same bug.masterbranch entirely. (That's why I haven't forward-ported this yet.) Should I just add them back?ExpectedServerAlertduring the ALPN exchange, but I don't see any tests for the error message itself.SSL_R_NO_APPLICATION_PROTOCOLcode? Does that constant need to remain for compatibility?Checklist
documentation is added or updatedtests are added or updated